#! /usr/bin/python -E
# Authors: Martin Nagy <mnagy@redhat.com>
# Based on ipa-server-install by Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2007 - 2009  Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import traceback

from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import bindinstance, ntpinstance
from ipaserver.install.installutils import *
from ipapython import version
from ipapython import ipautil, sysrestore
from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
import krbV
import ldap

def parse_options():
    parser = IPAOptionParser(version=version.VERSION)
    parser.add_option("-p", "--ds-password", dest="dm_password",
                      sensitive=True, help="admin password")
    parser.add_option("-d", "--debug", dest="debug", action="store_true",
                      default=False, help="print debugging information")
    parser.add_option("--ip-address", dest="ip_address", help="Master Server IP Address")
    parser.add_option("--forwarder", dest="forwarders", action="append",
                      help="Add a DNS forwarder")
    parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
                      default=False, help="Do not add any DNS forwarders, use root servers instead")
    parser.add_option("--no-reverse", dest="no_reverse",
                      action="store_true", default=False,
                      help="Do not create reverse DNS zone")
    parser.add_option("--zonemgr", dest="zonemgr", 
                      help="DNS zone manager e-mail address. Defaults to root")
    parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
                      default=False, help="unattended installation never prompts the user")

    options, args = parser.parse_args()
    safe_options = parser.get_safe_opts(options)

    if options.forwarders and options.no_forwarders:
        parser.error("You cannot specify a --forwarder option together with --no-forwarders")

    if options.unattended:
        if not options.forwarders and not options.no_forwarders:
            parser.error("You must specify at least one --forwarder option or --no-forwarders option")

    return safe_options, options

def resolve_host(host_name):
    ip = None
    try:
        addrinfos = socket.getaddrinfo(host_name, None,
                                       socket.AF_UNSPEC, socket.SOCK_DGRAM)
    except:
        print "Unable to lookup the IP address of the provided host"
        return None

    for ai in addrinfos:
        ip = ai[4][0]
        if ip == "127.0.0.1" or ip == "::1":
            print "The hostname resolves to the localhost address (127.0.0.1/::1)"
            print "Please change your /etc/hosts file so that the hostname."
            print "resolves to the ip address of your network interface."
            print ""
            print "Please fix your /etc/hosts file and restart the setup program."
            print ""
            sys.exit("Aborting installation.")

    if addrinfos:
        ip = addrinfos[0][4][0]

    return ip

def main():
    safe_options, options = parse_options()

    if os.getegid() != 0:
        sys.exit("Must be root to setup server")

    standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a')
    print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log"

    logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
    logging.debug("missing options might be asked for interactively later\n")

    global fstore
    fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')

    print "=============================================================================="
    print "This program will setup DNS for the FreeIPA Server."
    print ""
    print "This includes:"
    print "  * Configure DNS (bind)"
    print ""
    print "To accept the default shown in brackets, press the Enter key."
    print ""

    # Check bind packages are installed
    if not bindinstance.check_inst(options.unattended):
        sys.exit("Aborting installation.")

    # Initialize the ipalib api
    cfg = dict(
        in_server=True,
        debug=options.debug,
    )
    api.bootstrap(**cfg)
    api.finalize()

    if bindinstance.named_conf_exists():
        sys.exit("\nDNS is already configured in this IPA server.")

    # Check we have a public IP that is associated with the hostname
    if options.ip_address:
        ip_address = options.ip_address
    else:
        ip_address = resolve_host(api.env.host)
    if not ip_address or not verify_ip_address(ip_address):
        if options.unattended:
            sys.exit("Unable to resolve IP address for host name")
        else:
            ip_address = read_ip_address(api.env.host, fstore)
    logging.debug("will use ip_address: %s\n", ip_address)

    if options.no_forwarders:
        dns_forwarders = ()
    elif options.forwarders:
        dns_forwarders = options.forwarders
    else:
        dns_forwarders = read_dns_forwarders()
    logging.debug("will use dns_forwarders: %s\n", str(dns_forwarders))

    conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()

    if not options.unattended:
        print ""
        print "The following operations may take some minutes to complete."
        print "Please wait until the prompt is returned."
        print ""

    # Create a BIND instance
    bind = bindinstance.BindInstance(fstore, options.dm_password)

    valid_password = False
    while not valid_password:
        # try the connection
        try:
            bind.ldap_connect()
            bind.ldap_disconnect()
            valid_password = True
        except ldap.LOCAL_ERROR, e:
            if not bind.dm_password:
                if options.unattended:
                    sys.exit("\nIn unattended mode you need to provide at least the -p option")
                else:
                    bind.dm_password = read_password("Directory Manager", confirm=False, validate=False)
        except ldap.INVALID_CREDENTIALS, e:
            if options.unattended:
                sys.exit("\nPassword is not valid!")
            bind.dm_password = read_password("Directory Manager", confirm=False, validate=False)

    create_reverse = True
    if options.unattended:
        create_reverse = not options.no_reverse
    elif not options.no_reverse:
        create_reverse = bindinstance.create_reverse()
    bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)

    if bind.dm_password:
        api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=bind.dm_password)
    else:
        # See if our LDAP server is up and we can talk to it over GSSAPI
        ccache = krbV.default_context().default_ccache().name
        api.Backend.ldap2.connect(ccache)

    bind.create_instance()


    print "=============================================================================="
    print "Setup complete"
    print ""
    print "\tYou must make sure these network ports are open:"
    print "\t\tTCP Ports:"
    print "\t\t  * 53: bind"
    print "\t\tUDP Ports:"
    print "\t\t  * 53: bind"

    return 0

try:
    sys.exit(main())
except SystemExit, e:
    sys.exit(e)
except KeyboardInterrupt:
    print "Installation cancelled."
except RuntimeError, e:
    print str(e)
except Exception, e:
    message = "Unexpected error - see ipaserver-install.log for details:\n %s" % str(e)
    print message
    message = str(e)
    for str in traceback.format_tb(sys.exc_info()[2]):
        message = message + "\n" + str
    logging.debug(message)
    sys.exit(1)
